Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Malware Avalanche Still Gaining Momentum

It's a surprise to very few who follow the malware economy closely, but new metrics have arrived that chart the continued proliferation of the malware epidemic.
It was hard not to shake your head when anti-virus vendor Symantec reported this spring that it had recorded 711,912 unique threats during the course

It's a surprise to very few who follow the malware economy closely, but new metrics have arrived that chart the continued proliferation of the malware epidemic.

It was hard not to shake your head when anti-virus vendor Symantec reported this spring that it had recorded 711,912 unique threats during the course of 2007, a 468 percent increase compared with 2006, in its twice-yearly Internet Security Threat Report.

However, according to researchers at F-Secure, the problem continues to spiral out of control as trends such as server-side polymorphism and widely available exploit authoring tool kits continue to allow malware writers to create reams of new attacks (or, more precisely, attack variants) at a faster pace than ever before.

In its 2008 first-half data security summary, issued June 24, F-Secure reports that malware growth has reached its highest rates ever, with the "packing, encryption and obfuscation of existing families of Trojans, backdoors, exploits and other threats" driving the volume of attacks even higher than Symantec's reported figures.

According to the anti-virus vendor, the number of malware detections that F-Secure flagged during the first half of 2008 has already exceeded the growth rate that the company tracked over the entirety of 2007.

"We ended 2007 with 500,000 total detections. By the end of June 2008 this number is around 900,000. The growth rate has never been faster," Mikko Hypponen, chief research officer at F-Secure, said in a post on the company's Web site. "I have a nasty feeling that the situation is getting worse, not better; however, we're not giving up either."

Even scarier, Hypponen said in a testament to the growing sophistication of the cyber-crime industry, "criminals are adapting and utilizing enterprise-level systems and code within their operations. The complexity and quality of their IT infrastructure and systems continues to increase, providing them with the power to silently flood the Internet with their menace."

So, at the same time that tool kits are making it easier for anyone who wants to get into the malware game to do so, the guys at the top of the food chain are driving even higher levels of attack code complexity. Sweet.

And if you consider that Symantec clearly tracked even greater numbers of attacks in 2007 (likely based on the larger scale of its malware sensor network) than F-Secure, one might estimate that over 1 million new malware variants have been launched during 2008. Not good.

-The growing popularity of "jailbreaking" mobile devices -- the art of modifying phone hardware to add unapproved applications to the handhelds -- could lead to the spread of mobile malware if attackers begin sliding malware code into home-brewed applications.

All told, there appears to be no end in sight, and AV vendors such as Symantec and F-Secure are struggling to find new ways to keep up with the malware ecosystem.

Good times.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.